I believe that there is nothing else going on at all. The CLI tools were used to construct the rules: no DVSC in play.
-Mike. -- Mike Bursell. Ben Pfaff <b...@nicira.com> wrote: On Thu, Dec 22, 2011 at 04:35:45PM +0000, Mike Bursell wrote: > We've discovered what we suspect is a bug, and are looking for > thoughts, please! > > Observed behaviour: > - Continuous pings being sent from laptop to vm1 > - vm2 is quiescent > - Intermittently, the response to a ping from laptop is seen on vm2 Is anything else going on? Certain kinds of changes to a bridge (adding and removing ports, etc.) can cause the MAC learning table, or particular entries in it, to be flushed. If VMs are being brought up or down, VLANs being created or destroyed, etc., one might expect to see a need to re-learn MAC addresses immediately after those events. I have not carefully looked over your flow table. Is this flow table constructed by hand, generated by DVS, or generated by some other controller? I ask because the "normal" action may not be an effective way to enforce ACLs--it is an implementation of a MAC learning switch, which is not itself an effective way to enforce ACLs--so I wonder what assumptions lie behind this flow table construction.
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
